Cyber Security is much more than simply a buzzword for any organization that uses at least one computer connected to a network. In other words, Cyber Security is of interest to everyone, but especially so to those organizations that maintain massive confidential data in their computer systems. Cybercrime, the theft of data and malicious invasion of computers and networks, has become so commonplace and so financially destructive that it is, for most governments’ law enforcement organizations, a major branch of operations. But law enforcement becomes involved primarily after a crime has been committed—after the firm has experienced the loss of confidential data of customers and business operations. Because of the extent to which computers and networks control virtually every complex system in the world, our very lives can be gravely affected by the malicious invasion of ingenious and skilled hackers. The effects of cybercrime can run the gamut from merely inconvenient to life-threatening. And the increase in the public’s reliance on computers and networks increases the magnitude of the risks involved. It is therefore vital for every organization to become acutely aware of cybercrime and how it can protect itself against this growing, world-wide problem.
Government, military, financial institutions, and businesses of all kinds store and process a virtually infinite amount of confidential data through their networks and computer systems. The loss of this data can put a company out of business and cause governments untold embarrassment and loss of confidence. As preventive measures grow more sophisticated, so do the attacks on the systems. It is a constant cat and mouse game where there is no clear winner at any given time.
The best way to prevent loss from a cyber-attack is to treat cyber security as being as important as any other department of the organization. Ensure all systems and networks are safeguarded to the fullest extent allowable by current technology. Implementing the complex processes intended to guard access to data is expensive in both money and time, but the alternative is even more expensive and the risk grows daily that an organization will be hit. Cyber security is a form of insurance: you pay even though you hope it’s never needed. In the event that it is—and that is more a “when” than an “if”—the cost of security is a bargain by any reckoning.
Cyber security should be treated as a strategic business risk rather than simply an IT problem. The world we live in is data driven and becoming more so every day. The company’s financial information, its intellectual property, its customer information, virtually its entire universe exists in bits of data that are transmitted throughout the country and the world. One might even make the case that the company’s reputation is embedded within its data; a loss of one is the loss of the other. It is therefore easy to grasp how important it is to guard all this data from those who would steal and use it maliciously.
Big data is another buzzword that those in IT are very familiar with, although its definition is somewhat nebulous. It refers to the unbelievably large amount of data, structured or unstructured, available to organizations from unlimited sources. In fact, the raw, unstructured data can contain information the owner of the data doesn’t even recognize. The data only lacks “connection of the dots” to provide information and intelligence that businesses and governments can use to great advantage for analysis, decision-making, marketing, and other uses only limited by the imagination. More data, with more powerful systems, can give an organization a competitive edge through more accurate forecasting. Business decisions can be improved, risks and costs can be reduced, profits can be increased. There is no end to the advantages more data can provide if understood, interpreted, and used correctly.
Big data is sourced from the mundane—a small mail list of customers—to the esoteric—search patterns from millions of individuals’ computers. The market values social media providers so highly precisely because they have access to networks of billions of consumers, all talking about their likes and dislikes, what they have just bought and what they would like to buy, which movie star is on the rise and who is a has-been. With IP addresses or even GPS coordinates, a company can directly target consumers by location, age, sex, political affiliation, entertainment preferences, and myriad other criteria.
All of this rolls up into what we call Big Data. Although there is no specific, defined quantity for what constitutes “Big Data,” we can safely say that it can be measured in exabytes and has the following attributes:
Organizations of every kind have a virtually unlimited volume of data available at their disposal. However, a vast majority of that information is still unstructured, meaning that it needs to be sorted and analyzed to turn it into information from which some relevance and value can be derived. The low cost of storage and high volume of data transiting the globe has far outstripped our ability to make sense of it. However, the speed and intelligence of data analysis, and even the artificial intelligence with which to discern the information in the exabytes of available data, are growing apace. The day will soon be here when raw data will be turned into information almost instantaneously.
Many of those in the IT world remember when data transmission speeds were measured in the hundreds of kilobits per second and even less. Today, transmission speeds are in the hundreds of gigabits per second. Not only are speeds increasing, but the rate of increase in speed is increasing. The very near future will give us the ability to cheaply transmit amounts of data that today would be unbelievable, and all this will drive the use of more and more electronic data transmission, all of which will be intercepted and put to use.
Capturing data is made more complex due to the variety of formats it may be in. It may be voice, text, image, video, or meta data—data about data. Further, each of those broad categories has several format options, some of which are proprietary to the transmitter.
In addition to the problems brought by volume, velocity, and variety, the type of data one may receive at any one time can vary widely. For instance, a topic may be very prevalent on social media, even though it actually has no importance, while another, very important issue may receive very little attention. Evaluating data and determining whether it may be important information can be a difficult task due to the frankly fickle and irrational emotions and reactions of the humans generating it.
Finally, given the volume, velocity, variety, and variability of exabytes of data being transmitted, those who would analyze and make use of it have an incredibly complex job. Remember that in its raw form, data is nothing more than 0’s and 1’s in some type of storage medium. The incredible challenge facing business and government is to cleanse, match, link, and transform these low-level bits into usable information; in other words, to connect trillions of trillions of dots.
Even with that unbelievably huge challenge, there are those who would steal that data and be able to use it to harm individuals, businesses, non-profit organizations, and governments. The concept of Big Data reveals the complexity and the amount of data available to so many organizations and the need for it to remain protected and confidential. It is for this reason that cyber security is so important in safeguarding such information from cyber criminals.
Cyber attacks can present untold risks to an organization. The result of a security breach could bring severe damage to the company’s reputation through leakage of important documents, financial information, and private customer information. The company may easily lose competitive information and valuable intellectual property.
Network monitoring tools may be selected based on a wide array of organizational needs. Some of the possible criteria and capabilities that may be valuable in selection are:
Full packet capture is the ability of the tool to record all of the data traffic in the network or the system in complete packets. Large volumes of data may be transmitted, but software breaks the data into packets of manageable sizes. Oftentimes, for various reasons, only a partial packet may be received and the receiving system will notify the sender that the packet as received was incomplete, causing the packet to be resent. Full packet capture will be able to recognize partial packets and discard them, only storing full packets.
Packet analysis is the ability of the monitoring tool to identify the payload of the data traffic. Packets are sent with prepended and appended meta information. It is important for the monitoring tool to be able to recognize and segregate the main information being sent from the tracking and meta data included in each packet.
As part of packet analysis, the monitoring tool should be able to identify and store the routing information contained in each data packet. This identifies the source of the data and the route through which it was directed to its final destination.
This ability helps the monitoring tool to identify access trends.
Normalization helps the tool keep a record of all normal usage of the network.
A great example of a monitoring tool is Visual TruView V9.0 by Fluke Networks. This tool has the capability of end-to-end user analysis, thereby having the capability of delving into a single IP address network connection. This capability helps the administrator to see whether the problem is with the network as a whole or from an individual user.
There are certain strategies that an enterprise can employ to remain in control in case a cyber breach does occur. The following strategies can help to identify, monitor, and respond to system security breaches.
Document all security protocols, devices, access points, programs, users, and encryption levels. Control the distribution of this security inventory to only those who need to know it. Implement policies and procedures to ensure the security inventory is up to date. A common problem is an ex-employee’s account that remains in the system and is then discovered and used for illegal access. Because the employee is no longer there, no one notices that an unauthorized person has gained access to the system until too late.
Regularly test and validate that your network and all systems directly connected to it have only authorized software installed. Review and create log files to monitor whether violation alerts, actions taken, and security protocols are in compliance with defined policies.
Disable all unused ports on the routers and disable any user IDs and passwords that are no longer in use. Implement and enforce two-factor authentication and encryption for all user sessions. When the threshold number of unsuccessful network authentication attempts is reached within a specified time period, disable the port, device, and user from the network and system and require manual supervisory intervention to restore access.
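The threshold rule described above, sketched as an added example that is not part of the original article: failures are counted per user inside a sliding window, and once the limit is hit the user and port stay disabled until a supervisor restores them. The threshold of 5, the 10-minute window, the class and function names, and the sample events are all assumptions made for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

class LockoutMonitor:
    """Disable a user and port after too many failed logins inside a time window."""
    def __init__(self, threshold=5, window=timedelta(minutes=10)):
        self.threshold, self.window = threshold, window   # assumed policy values
        self.failures = defaultdict(deque)   # user -> timestamps of recent failures
        self.disabled_users, self.disabled_ports = set(), set()
        self.audit = []                      # timestamped record of every state change

    def observe(self, ts, user, port, success):
        # Once disabled, even a correct password is refused until a supervisor acts.
        if user in self.disabled_users or port in self.disabled_ports:
            return "rejected"
        if success:
            self.failures.pop(user, None)    # a valid login clears the failure history
            return "ok"
        recent = self.failures[user]
        recent.append(ts)
        while ts - recent[0] > self.window:  # forget failures older than the window
            recent.popleft()
        if len(recent) >= self.threshold:
            self.disabled_users.add(user)
            self.disabled_ports.add(port)
            self.audit.append((ts, "disabled", user, port))
            return "disabled"
        return "failed"

    def restore(self, ts, user, port, supervisor):   # manual supervisory intervention
        self.disabled_users.discard(user)
        self.disabled_ports.discard(port)
        self.failures.pop(user, None)
        self.audit.append((ts, f"restored by {supervisor}", user, port))

# Constructed sample events: (timestamp, user, switch port, login succeeded?)
SAMPLE_EVENTS = [
    ("2024-05-01T09:00:00", "bob", "gi0/7", False),    # ages out of the window
    ("2024-05-01T09:05:30", "alice", "gi0/3", True),
    ("2024-05-01T09:20:00", "bob", "gi0/7", False),
    ("2024-05-01T09:21:00", "bob", "gi0/7", False),
    ("2024-05-01T09:22:00", "bob", "gi0/7", False),
    ("2024-05-01T09:23:00", "bob", "gi0/7", False),
    ("2024-05-01T09:24:00", "bob", "gi0/7", False),    # fifth failure in 10 minutes
    ("2024-05-01T09:25:00", "bob", "gi0/7", True),     # right password, still refused
]

def replay(events, monitor):   # returns the monitor's decision for each event
    return [monitor.observe(datetime.fromisoformat(t), u, p, ok) for t, u, p, ok in events]
```

The failure at 09:00 does not count toward the lockout at 09:24 because it falls outside the window, and the successful password at 09:25 is still refused.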
Record all important data and events with full timestamps. Implement strict firewall rules to minimize inbound attacks. Review firewall rules regularly and remove access permissions that are no longer required.
Make use of the logs so that you can see the differences between current and prior period activities as a method to identify unauthorized attempted access to networks and systems. Test your system regularly. Challenge your best and brightest to break in to see if it can be done and to observe what effect the attempt has on system components.
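One way to compare current and prior period logs, as an added example that is not part of the original article: it counts denied attempts per source and user in each period and reports sources that are new or whose denials have at least tripled. The log line format, the tripling factor, the function names, and the sample lines (using documentation-reserved addresses) are assumptions.

```python
from collections import Counter

# Constructed log lines in an assumed format: date time ACTION src=<ip> user=<name>
PRIOR_PERIOD = """\
2024-04-22 08:01:10 ALLOW src=192.0.2.10 user=alice
2024-04-22 08:03:44 DENY src=192.0.2.10 user=alice
2024-04-23 17:20:05 ALLOW src=192.0.2.11 user=bob
2024-04-24 09:00:00 DENY src=192.0.2.11 user=bob
"""
CURRENT_PERIOD = """\
2024-04-29 08:02:00 ALLOW src=192.0.2.10 user=alice
2024-04-29 08:02:30 DENY src=192.0.2.10 user=alice
2024-04-30 02:14:01 DENY src=203.0.113.50 user=bob
2024-04-30 02:14:03 DENY src=203.0.113.50 user=bob
2024-04-30 02:15:00 DENY src=192.0.2.11 user=bob
2024-04-30 02:15:02 DENY src=192.0.2.11 user=bob
2024-04-30 02:15:04 DENY src=192.0.2.11 user=bob
truncated li
"""

def summarize(log_text):
    """Count events per (action, source address, user); skip malformed lines."""
    counts = Counter()
    for line in log_text.splitlines():
        parts = line.split()
        fields = dict(p.split("=", 1) for p in parts[3:] if "=" in p)
        if len(parts) < 5 or "src" not in fields or "user" not in fields:
            continue
        counts[(parts[2], fields["src"], fields["user"])] += 1
    return counts

def compare_periods(prior_text, current_text, spike_factor=3):
    """Report denied-access activity that is new or has grown sharply."""
    prior, current = summarize(prior_text), summarize(current_text)
    findings = []
    for (action, src, user), now in sorted(current.items()):
        if action != "DENY":
            continue
        before = prior.get((action, src, user), 0)
        if before == 0:                       # source never denied in the prior period
            findings.append(("new", src, user, now))
        elif now >= spike_factor * before:    # same source, far more denials than before
            findings.append(("spike", src, user, now))
    return findings
```

Alice's single denial in each period is treated as normal and produces no finding; only the changes between periods are reported.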
Assume the worst. Even small organizations are targets for attack as criminals test their methods on companies and systems unlikely to notice entry or to forcefully prosecute if they do.
Cyber security is vital. Don’t wait until you’re out of business before considering insurance.